Line data Source code
1 : /*
2 : * Copyright (C) 2002-2016 Free Software Foundation, Inc.
3 : * Copyright (C) 2014-2016 Nikos Mavrogiannopoulos
4 : * Copyright (C) 2015-2018 Red Hat, Inc.
5 : *
6 : * Author: Nikos Mavrogiannopoulos
7 : *
8 : * This file is part of GnuTLS.
9 : *
10 : * The GnuTLS is free software; you can redistribute it and/or
11 : * modify it under the terms of the GNU Lesser General Public License
12 : * as published by the Free Software Foundation; either version 2.1 of
13 : * the License, or (at your option) any later version.
14 : *
15 : * This library is distributed in the hope that it will be useful, but
16 : * WITHOUT ANY WARRANTY; without even the implied warranty of
17 : * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 : * Lesser General Public License for more details.
19 : *
20 : * You should have received a copy of the GNU Lesser General Public License
21 : * along with this program. If not, see <https://www.gnu.org/licenses/>
22 : *
23 : */
24 :
25 : /* Functions to manipulate the session (gnutls_int.h), and some other stuff
26 : * are included here. The file's name is traditionally gnutls_state even if the
27 : * state has been renamed to session.
28 : */
29 :
30 : #include "gnutls_int.h"
31 : #include "errors.h"
32 : #include <auth.h>
33 : #include <num.h>
34 : #include <datum.h>
35 : #include <db.h>
36 : #include <record.h>
37 : #include <handshake.h>
38 : #include <dh.h>
39 : #include <buffers.h>
40 : #include <mbuffers.h>
41 : #include <state.h>
42 : #include <constate.h>
43 : #include <auth/cert.h>
44 : #include <auth/anon.h>
45 : #include <auth/psk.h>
46 : #include <algorithms.h>
47 : #include <hello_ext.h>
48 : #include <system.h>
49 : #include <random.h>
50 : #include <fips.h>
51 : #include <intprops.h>
52 : #include <gnutls/dtls.h>
53 : #include "dtls.h"
54 : #include "tls13/session_ticket.h"
55 : #include "ext/cert_types.h"
56 : #include "locks.h"
57 : #include "kx.h"
58 : #ifdef HAVE_VALGRIND_MEMCHECK_H
59 : #include <valgrind/memcheck.h>
60 : #endif
61 :
62 : /* to be used by supplemental data support to disable TLS1.3
63 : * when supplemental data have been globally registered */
64 : unsigned _gnutls_disable_tls13 = 0;
65 :
66 : /* These should really be static, but src/tests.c calls them. Make
67 : them public functions? */
68 : void
69 : _gnutls_rsa_pms_set_version(gnutls_session_t session,
70 : unsigned char major, unsigned char minor);
71 :
72 : /**
73 : * gnutls_cipher_get:
74 : * @session: is a #gnutls_session_t type.
75 : *
76 : * Get the currently used cipher.
77 : *
78 : * Returns: the currently used cipher, a #gnutls_cipher_algorithm_t
79 : * type.
80 : **/
81 20867 : gnutls_cipher_algorithm_t gnutls_cipher_get(gnutls_session_t session)
82 : {
83 20867 : record_parameters_st *record_params;
84 20867 : int ret;
85 :
86 20867 : ret =
87 20867 : _gnutls_epoch_get(session, EPOCH_READ_CURRENT, &record_params);
88 20867 : if (ret < 0)
89 0 : return gnutls_assert_val(GNUTLS_CIPHER_NULL);
90 :
91 20867 : return record_params->cipher->id;
92 : }
93 :
94 : /**
95 : * gnutls_certificate_type_get:
96 : * @session: is a #gnutls_session_t type.
97 : *
98 : * This function returns the type of the certificate that is negotiated
99 : * for this side to send to the peer. The certificate type is by default
100 : * X.509, unless an alternative certificate type is enabled by
101 : * gnutls_init() and negotiated during the session.
102 : *
103 : * Resumed sessions will return the certificate type that was negotiated
104 : * and used in the original session.
105 : *
106 : * As of version 3.6.4 it is recommended to use
107 : * gnutls_certificate_type_get2() which is more fine-grained.
108 : *
109 : * Returns: the currently used #gnutls_certificate_type_t certificate
110 : * type as negotiated for 'our' side of the connection.
111 : **/
112 : gnutls_certificate_type_t
113 696 : gnutls_certificate_type_get(gnutls_session_t session)
114 : {
115 696 : return gnutls_certificate_type_get2(session, GNUTLS_CTYPE_OURS);
116 : }
117 :
118 : /**
119 : * gnutls_certificate_type_get2:
120 : * @session: is a #gnutls_session_t type.
121 : * @target: is a #gnutls_ctype_target_t type.
122 : *
123 : * This function returns the type of the certificate that a side
124 : * is negotiated to use. The certificate type is by default X.509,
125 : * unless an alternative certificate type is enabled by gnutls_init() and
126 : * negotiated during the session.
127 : *
128 : * The @target parameter specifies whether to request the negotiated
129 : * certificate type for the client (%GNUTLS_CTYPE_CLIENT),
130 : * or for the server (%GNUTLS_CTYPE_SERVER). Additionally, in P2P mode
131 : * connection set up where you don't know in advance who will be client
132 : * and who will be server you can use the flag (%GNUTLS_CTYPE_OURS) and
133 : * (%GNUTLS_CTYPE_PEERS) to retrieve the corresponding certificate types.
134 : *
135 : * Resumed sessions will return the certificate type that was negotiated
136 : * and used in the original session. That is, this function can be used
137 : * to reliably determine the type of the certificate returned by
138 : * gnutls_certificate_get_peers().
139 : *
140 : * Returns: the currently used #gnutls_certificate_type_t certificate
141 : * type for the client or the server.
142 : *
143 : * Since: 3.6.4
144 : **/
145 : gnutls_certificate_type_t
146 6929 : gnutls_certificate_type_get2(gnutls_session_t session,
147 : gnutls_ctype_target_t target)
148 : {
149 : /* We want to inline this function so therefore
150 : * we've defined it in gnutls_int.h */
151 6929 : return get_certificate_type(session, target);
152 : }
153 :
154 : /**
155 : * gnutls_kx_get:
156 : * @session: is a #gnutls_session_t type.
157 : *
158 : * Get the currently used key exchange algorithm.
159 : *
160 : * This function will return %GNUTLS_KX_ECDHE_RSA, or %GNUTLS_KX_DHE_RSA
161 : * under TLS 1.3, to indicate an elliptic curve DH key exchange or
162 : * a finite field one. The precise group used is available
163 : * by calling gnutls_group_get() instead.
164 : *
165 : * Returns: the key exchange algorithm used in the last handshake, a
166 : * #gnutls_kx_algorithm_t value.
167 : **/
168 14209 : gnutls_kx_algorithm_t gnutls_kx_get(gnutls_session_t session)
169 : {
170 14209 : if (session->security_parameters.cs == 0)
171 : return 0;
172 :
173 14209 : if (session->security_parameters.cs->kx_algorithm == 0) { /* TLS 1.3 */
174 9890 : const version_entry_st *ver = get_version(session);
175 9890 : const gnutls_group_entry_st *group = get_group(session);
176 :
177 9890 : if (ver->tls13_sem) {
178 9890 : if (session->internals.hsk_flags & HSK_PSK_SELECTED) {
179 2589 : if (group) {
180 883 : if (group->pk == GNUTLS_PK_DH)
181 : return GNUTLS_KX_DHE_PSK;
182 : else
183 392 : return GNUTLS_KX_ECDHE_PSK;
184 : } else {
185 : return GNUTLS_KX_PSK;
186 : }
187 7301 : } else if (group) {
188 7301 : if (group->pk == GNUTLS_PK_DH)
189 : return GNUTLS_KX_DHE_RSA;
190 : else
191 4447 : return GNUTLS_KX_ECDHE_RSA;
192 : }
193 : }
194 : }
195 :
196 : return session->security_parameters.cs->kx_algorithm;
197 : }
198 :
199 : /**
200 : * gnutls_mac_get:
201 : * @session: is a #gnutls_session_t type.
202 : *
203 : * Get the currently used MAC algorithm.
204 : *
205 : * Returns: the currently used mac algorithm, a
206 : * #gnutls_mac_algorithm_t value.
207 : **/
208 20784 : gnutls_mac_algorithm_t gnutls_mac_get(gnutls_session_t session)
209 : {
210 20784 : record_parameters_st *record_params;
211 20784 : int ret;
212 :
213 20784 : ret =
214 20784 : _gnutls_epoch_get(session, EPOCH_READ_CURRENT, &record_params);
215 20784 : if (ret < 0)
216 0 : return gnutls_assert_val(GNUTLS_MAC_NULL);
217 :
218 20784 : return record_params->mac->id;
219 : }
220 :
221 : /**
222 : * gnutls_compression_get:
223 : * @session: is a #gnutls_session_t type.
224 : *
225 : * Get the currently used compression algorithm.
226 : *
227 : * Returns: the currently used compression method, a
228 : * #gnutls_compression_method_t value.
229 : **/
230 : gnutls_compression_method_t
231 39 : gnutls_compression_get(gnutls_session_t session)
232 : {
233 39 : return GNUTLS_COMP_NULL;
234 : }
235 :
236 : /**
237 : * gnutls_prf_hash_get:
238 : * @session: is a #gnutls_session_t type.
239 : *
240 : * Get the currently used hash algorithm. In TLS 1.3, the hash
241 : * algorithm is used for both the key derivation function and
242 : * handshake message authentication code. In TLS 1.2, it matches the
243 : * hash algorithm used for PRF.
244 : *
245 : * Returns: the currently used hash algorithm, a
246 : * #gnutls_digest_algorithm_t value.
247 : *
248 : * Since: 3.6.13
249 : **/
250 : gnutls_digest_algorithm_t
251 2 : gnutls_prf_hash_get(const gnutls_session_t session)
252 : {
253 2 : if (session->security_parameters.prf == NULL)
254 0 : return gnutls_assert_val(GNUTLS_DIG_UNKNOWN);
255 :
256 2 : if (session->security_parameters.prf->id >= GNUTLS_MAC_AEAD)
257 0 : return gnutls_assert_val(GNUTLS_DIG_UNKNOWN);
258 :
259 : return (gnutls_digest_algorithm_t)session->security_parameters.prf->id;
260 : }
261 :
262 39812 : void reset_binders(gnutls_session_t session)
263 : {
264 39812 : _gnutls_free_temp_key_datum(&session->key.binders[0].psk);
265 39812 : _gnutls_free_temp_key_datum(&session->key.binders[1].psk);
266 39812 : memset(session->key.binders, 0, sizeof(session->key.binders));
267 39812 : }
268 :
269 : /* Check whether certificate credentials of type @cert_type are set
270 : * for the current session.
271 : */
272 137 : static bool _gnutls_has_cert_credentials(gnutls_session_t session,
273 : gnutls_certificate_type_t cert_type)
274 : {
275 137 : unsigned i;
276 137 : unsigned cert_found = 0;
277 137 : gnutls_certificate_credentials_t cred;
278 :
279 : /* First, check for certificate credentials. If we have no certificate
280 : * credentials set then we don't support certificates at all.
281 : */
282 137 : cred = (gnutls_certificate_credentials_t)
283 137 : _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE);
284 :
285 137 : if (cred == NULL)
286 : return false;
287 :
288 : /* There are credentials initialized. Now check whether we can find
289 : * pre-set certificates of the required type, but only if we don't
290 : * use the callback functions.
291 : */
292 137 : if (cred->get_cert_callback3 == NULL) {
293 175 : for (i = 0; i < cred->ncerts; i++) {
294 94 : if (cred->certs[i].cert_list[0].type == cert_type) {
295 : cert_found = 1;
296 : break;
297 : }
298 : }
299 :
300 131 : if (cert_found == 0) {
301 : /* No matching certificate found. */
302 81 : return false;
303 : }
304 : }
305 :
306 : return true; // OK
307 : }
308 :
309 : /* Check if the given certificate type is supported.
310 : * This means that it is enabled by the priority functions,
311 : * and in some cases a matching certificate exists. A check for
312 : * the latter can be toggled via the parameter @check_credentials.
313 : */
314 : int
315 228 : _gnutls_session_cert_type_supported(gnutls_session_t session,
316 : gnutls_certificate_type_t cert_type,
317 : bool check_credentials,
318 : gnutls_ctype_target_t target)
319 : {
320 228 : unsigned i;
321 228 : priority_st* ctype_priorities;
322 :
323 : // Check whether this cert type is enabled by the application
324 228 : if (!is_cert_type_enabled(session, cert_type))
325 0 : return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE);
326 :
327 : // Perform a credentials check if requested
328 228 : if (check_credentials) {
329 137 : if (!_gnutls_has_cert_credentials(session, cert_type))
330 81 : return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE);
331 : }
332 :
333 : /* So far so good. We have the required credentials (if needed).
334 : * Now check whether we are allowed to use them according to our
335 : * priorities.
336 : */
337 : // Which certificate type should we query?
338 147 : switch (target) {
339 38 : case GNUTLS_CTYPE_CLIENT:
340 38 : ctype_priorities =
341 38 : &(session->internals.priorities->client_ctype);
342 38 : break;
343 109 : case GNUTLS_CTYPE_SERVER:
344 109 : ctype_priorities =
345 109 : &(session->internals.priorities->server_ctype);
346 109 : break;
347 : default:
348 0 : return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
349 : }
350 :
351 : // No explicit priorities set, and default ctype is asked
352 147 : if (ctype_priorities->num_priorities == 0
353 0 : && cert_type == DEFAULT_CERT_TYPE)
354 : return 0;
355 :
356 : /* Now lets find out whether our cert type is in our priority
357 : * list, i.e. set of allowed cert types.
358 : */
359 243 : for (i = 0; i < ctype_priorities->num_priorities; i++) {
360 241 : if (ctype_priorities->priorities[i] == cert_type)
361 : return 0;
362 : }
363 :
364 : return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
365 : }
366 :
367 37400 : static void deinit_keys(gnutls_session_t session)
368 : {
369 37400 : const version_entry_st *vers = get_version(session);
370 :
371 37400 : if (vers == NULL)
372 : return;
373 :
374 37383 : gnutls_pk_params_release(&session->key.kshare.ecdhx_params);
375 37383 : gnutls_pk_params_release(&session->key.kshare.ecdh_params);
376 37383 : gnutls_pk_params_release(&session->key.kshare.dh_params);
377 :
378 37383 : if (!vers->tls13_sem && session->key.binders[0].prf == NULL) {
379 24842 : gnutls_pk_params_release(&session->key.proto.tls12.ecdh.params);
380 24842 : gnutls_pk_params_release(&session->key.proto.tls12.dh.params);
381 24842 : zrelease_temp_mpi_key(&session->key.proto.tls12.ecdh.x);
382 24842 : zrelease_temp_mpi_key(&session->key.proto.tls12.ecdh.y);
383 24842 : _gnutls_free_temp_key_datum(&session->key.proto.tls12.ecdh.raw);
384 :
385 24842 : zrelease_temp_mpi_key(&session->key.proto.tls12.dh.client_Y);
386 :
387 : /* SRP */
388 24842 : zrelease_temp_mpi_key(&session->key.proto.tls12.srp.srp_p);
389 24842 : zrelease_temp_mpi_key(&session->key.proto.tls12.srp.srp_g);
390 24842 : zrelease_temp_mpi_key(&session->key.proto.tls12.srp.srp_key);
391 :
392 24842 : zrelease_temp_mpi_key(&session->key.proto.tls12.srp.u);
393 24842 : zrelease_temp_mpi_key(&session->key.proto.tls12.srp.a);
394 24842 : zrelease_temp_mpi_key(&session->key.proto.tls12.srp.x);
395 24842 : zrelease_temp_mpi_key(&session->key.proto.tls12.srp.A);
396 24842 : zrelease_temp_mpi_key(&session->key.proto.tls12.srp.B);
397 24842 : zrelease_temp_mpi_key(&session->key.proto.tls12.srp.b);
398 : } else {
399 12541 : gnutls_memset(session->key.proto.tls13.temp_secret, 0,
400 : sizeof(session->key.proto.tls13.temp_secret));
401 : }
402 :
403 37383 : reset_binders(session);
404 37383 : _gnutls_free_temp_key_datum(&session->key.key);
405 : }
406 :
407 : /* An internal version of _gnutls_handshake_internal_state_clear(),
408 : * it will not attempt to deallocate, only initialize */
409 60505 : static void handshake_internal_state_clear1(gnutls_session_t session)
410 : {
411 : /* by default no selected certificate */
412 60505 : session->internals.adv_version_major = 0;
413 60505 : session->internals.adv_version_minor = 0;
414 60505 : session->internals.direction = 0;
415 :
416 : /* use out of band data for the last
417 : * handshake messages received.
418 : */
419 60505 : session->internals.last_handshake_in = -1;
420 60505 : session->internals.last_handshake_out = -1;
421 :
422 60505 : session->internals.resumable = RESUME_TRUE;
423 :
424 60505 : session->internals.handshake_suspicious_loops = 0;
425 60505 : session->internals.dtls.hsk_read_seq = 0;
426 60505 : session->internals.dtls.hsk_write_seq = 0;
427 :
428 60505 : session->internals.cand_ec_group = 0;
429 60505 : session->internals.cand_dh_group = 0;
430 :
431 60505 : session->internals.hrr_cs[0] = CS_INVALID_MAJOR;
432 60505 : session->internals.hrr_cs[1] = CS_INVALID_MINOR;
433 60505 : }
434 :
435 : /* This function will clear all the variables in internals
436 : * structure within the session, which depend on the current handshake.
437 : * This is used to allow further handshakes.
438 : */
439 37400 : void _gnutls_handshake_internal_state_clear(gnutls_session_t session)
440 : {
441 37400 : handshake_internal_state_clear1(session);
442 :
443 37400 : _gnutls_handshake_hash_buffers_clear(session);
444 37400 : deinit_keys(session);
445 :
446 37400 : _gnutls_epoch_gc(session);
447 :
448 37400 : session->internals.handshake_abs_timeout.tv_sec = 0;
449 37400 : session->internals.handshake_abs_timeout.tv_nsec = 0;
450 37400 : session->internals.handshake_in_progress = 0;
451 :
452 37400 : session->internals.tfo.connect_addrlen = 0;
453 37400 : session->internals.tfo.connect_only = 0;
454 37400 : session->internals.early_data_received = 0;
455 37400 : }
456 :
457 : /**
458 : * gnutls_init:
459 : * @session: is a pointer to a #gnutls_session_t type.
460 : * @flags: indicate if this session is to be used for server or client.
461 : *
462 : * This function initializes the provided session. Every
463 : * session must be initialized before use, and must be deinitialized
464 : * after used by calling gnutls_deinit().
465 : *
466 : * @flags can be any combination of flags from %gnutls_init_flags_t.
467 : *
468 : * Note that since version 3.1.2 this function enables some common
469 : * TLS extensions such as session tickets and OCSP certificate status
470 : * request in client side by default. To prevent that use the %GNUTLS_NO_EXTENSIONS
471 : * flag.
472 : *
473 : * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
474 : **/
475 23105 : int gnutls_init(gnutls_session_t * session, unsigned int flags)
476 : {
477 23105 : int ret;
478 :
479 23105 : FAIL_IF_LIB_ERROR;
480 :
481 23105 : *session = gnutls_calloc(1, sizeof(struct gnutls_session_int));
482 23105 : if (*session == NULL)
483 : return GNUTLS_E_MEMORY_ERROR;
484 :
485 23105 : ret = gnutls_mutex_init(&(*session)->internals.post_negotiation_lock);
486 23105 : if (ret < 0) {
487 0 : gnutls_assert();
488 0 : gnutls_free(*session);
489 0 : return ret;
490 : }
491 :
492 23105 : ret = gnutls_mutex_init(&(*session)->internals.epoch_lock);
493 23105 : if (ret < 0) {
494 0 : gnutls_assert();
495 0 : gnutls_mutex_deinit(&(*session)->internals.post_negotiation_lock);
496 0 : gnutls_free(*session);
497 0 : return ret;
498 : }
499 :
500 23105 : ret = _gnutls_epoch_setup_next(*session, 1, NULL);
501 23105 : if (ret < 0) {
502 0 : gnutls_mutex_deinit(&(*session)->internals.post_negotiation_lock);
503 0 : gnutls_mutex_deinit(&(*session)->internals.epoch_lock);
504 0 : gnutls_free(*session);
505 0 : return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
506 : }
507 23105 : _gnutls_epoch_bump(*session);
508 :
509 46210 : (*session)->security_parameters.entity =
510 23105 : (flags & GNUTLS_SERVER ? GNUTLS_SERVER : GNUTLS_CLIENT);
511 :
512 : /* the default certificate type for TLS */
513 23105 : (*session)->security_parameters.client_ctype = DEFAULT_CERT_TYPE;
514 23105 : (*session)->security_parameters.server_ctype = DEFAULT_CERT_TYPE;
515 :
516 : /* Initialize buffers */
517 23105 : _gnutls_buffer_init(&(*session)->internals.handshake_hash_buffer);
518 23105 : _gnutls_buffer_init(&(*session)->internals.post_handshake_hash_buffer);
519 23105 : _gnutls_buffer_init(&(*session)->internals.hb_remote_data);
520 23105 : _gnutls_buffer_init(&(*session)->internals.hb_local_data);
521 23105 : _gnutls_buffer_init(&(*session)->internals.record_presend_buffer);
522 23105 : _gnutls_buffer_init(&(*session)->internals.record_key_update_buffer);
523 23105 : _gnutls_buffer_init(&(*session)->internals.reauth_buffer);
524 :
525 23105 : _mbuffer_head_init(&(*session)->internals.record_buffer);
526 23105 : _mbuffer_head_init(&(*session)->internals.record_send_buffer);
527 23105 : _mbuffer_head_init(&(*session)->internals.record_recv_buffer);
528 23105 : _mbuffer_head_init(&(*session)->internals.early_data_recv_buffer);
529 23105 : _gnutls_buffer_init(&(*session)->internals.early_data_presend_buffer);
530 :
531 23105 : _mbuffer_head_init(&(*session)->internals.handshake_send_buffer);
532 23105 : _gnutls_handshake_recv_buffer_init(*session);
533 :
534 23105 : (*session)->internals.expire_time = DEFAULT_EXPIRE_TIME;
535 :
536 : /* Ticket key rotation - set the default X to 3 times the ticket expire time */
537 23105 : (*session)->key.totp.last_result = 0;
538 :
539 23105 : gnutls_handshake_set_max_packet_length((*session),
540 : MAX_HANDSHAKE_PACKET_SIZE);
541 :
542 : /* set the socket pointers to -1;
543 : */
544 23105 : (*session)->internals.transport_recv_ptr =
545 : (gnutls_transport_ptr_t) - 1;
546 23105 : (*session)->internals.transport_send_ptr =
547 : (gnutls_transport_ptr_t) - 1;
548 :
549 : /* set the default maximum record size for TLS
550 : */
551 23105 : (*session)->security_parameters.max_record_recv_size =
552 : DEFAULT_MAX_RECORD_SIZE;
553 23105 : (*session)->security_parameters.max_record_send_size =
554 : DEFAULT_MAX_RECORD_SIZE;
555 23105 : (*session)->security_parameters.max_user_record_recv_size =
556 : DEFAULT_MAX_RECORD_SIZE;
557 23105 : (*session)->security_parameters.max_user_record_send_size =
558 : DEFAULT_MAX_RECORD_SIZE;
559 :
560 : /* set the default early data size for TLS
561 : */
562 23105 : if ((*session)->security_parameters.entity == GNUTLS_SERVER) {
563 19517 : (*session)->security_parameters.max_early_data_size =
564 : DEFAULT_MAX_EARLY_DATA_SIZE;
565 : } else {
566 3588 : (*session)->security_parameters.max_early_data_size =
567 : UINT32_MAX;
568 : }
569 :
570 : /* Everything else not initialized here is initialized as NULL
571 : * or 0. This is why calloc is used. However, we want to
572 : * ensure that certain portions of data are initialized at
573 : * runtime before being used. Mark such regions with a
574 : * valgrind client request as undefined.
575 : */
576 : #ifdef HAVE_VALGRIND_MEMCHECK_H
577 : if (RUNNING_ON_VALGRIND) {
578 : if (flags & GNUTLS_CLIENT)
579 : VALGRIND_MAKE_MEM_UNDEFINED((*session)->security_parameters.client_random,
580 : GNUTLS_RANDOM_SIZE);
581 : if (flags & GNUTLS_SERVER) {
582 : VALGRIND_MAKE_MEM_UNDEFINED((*session)->security_parameters.server_random,
583 : GNUTLS_RANDOM_SIZE);
584 : VALGRIND_MAKE_MEM_UNDEFINED((*session)->key.session_ticket_key,
585 : TICKET_MASTER_KEY_SIZE);
586 : }
587 : }
588 : #endif
589 23105 : handshake_internal_state_clear1(*session);
590 :
591 : #ifdef HAVE_WRITEV
592 : #ifdef MSG_NOSIGNAL
593 23105 : if (flags & GNUTLS_NO_SIGNAL)
594 1 : gnutls_transport_set_vec_push_function(*session, system_writev_nosignal);
595 : else
596 : #endif
597 23104 : gnutls_transport_set_vec_push_function(*session, system_writev);
598 : #else
599 : gnutls_transport_set_push_function(*session, system_write);
600 : #endif
601 23105 : (*session)->internals.pull_timeout_func = gnutls_system_recv_timeout;
602 23105 : (*session)->internals.pull_func = system_read;
603 23105 : (*session)->internals.errno_func = system_errno;
604 :
605 23105 : (*session)->internals.saved_username_size = -1;
606 :
607 : /* heartbeat timeouts */
608 23105 : (*session)->internals.hb_retrans_timeout_ms = 1000;
609 23105 : (*session)->internals.hb_total_timeout_ms = 60000;
610 :
611 23105 : if (flags & GNUTLS_DATAGRAM) {
612 589 : (*session)->internals.dtls.mtu = DTLS_DEFAULT_MTU;
613 589 : (*session)->internals.transport = GNUTLS_DGRAM;
614 :
615 589 : gnutls_dtls_set_timeouts(*session, DTLS_RETRANS_TIMEOUT, 60000);
616 : } else {
617 22516 : (*session)->internals.transport = GNUTLS_STREAM;
618 : }
619 :
620 : /* Enable useful extensions */
621 23105 : if ((flags & GNUTLS_CLIENT) && !(flags & GNUTLS_NO_EXTENSIONS)) {
622 : #ifdef ENABLE_OCSP
623 3582 : gnutls_ocsp_status_request_enable_client(*session, NULL, 0,
624 : NULL);
625 : #endif
626 : }
627 :
628 : /* session tickets in server side are enabled by setting a key */
629 23105 : if (flags & GNUTLS_SERVER)
630 19517 : flags |= GNUTLS_NO_TICKETS;
631 :
632 23105 : (*session)->internals.flags = flags;
633 :
634 23105 : if (_gnutls_disable_tls13 != 0)
635 20 : (*session)->internals.flags |= INT_FLAG_NO_TLS13;
636 :
637 : /* Install the default keylog function */
638 23105 : gnutls_session_set_keylog_function(*session, _gnutls_nss_keylog_func);
639 :
640 23105 : return 0;
641 : }
642 :
643 : /* returns RESUME_FALSE or RESUME_TRUE.
644 : */
645 0 : int _gnutls_session_is_resumable(gnutls_session_t session)
646 : {
647 0 : return session->internals.resumable;
648 : }
649 :
650 :
651 : /**
652 : * gnutls_deinit:
653 : * @session: is a #gnutls_session_t type.
654 : *
655 : * This function clears all buffers associated with the @session.
656 : * This function will also remove session data from the session
657 : * database if the session was terminated abnormally.
658 : **/
659 23004 : void gnutls_deinit(gnutls_session_t session)
660 : {
661 23004 : unsigned int i;
662 :
663 23004 : if (session == NULL)
664 : return;
665 :
666 : /* remove auth info firstly */
667 23004 : _gnutls_free_auth_info(session);
668 :
669 23004 : _gnutls_handshake_internal_state_clear(session);
670 23004 : _gnutls_handshake_io_buffer_clear(session);
671 23004 : _gnutls_hello_ext_priv_deinit(session);
672 :
673 138024 : for (i = 0; i < MAX_EPOCH_INDEX; i++)
674 92016 : if (session->record_parameters[i] != NULL) {
675 31949 : _gnutls_epoch_free(session,
676 : session->record_parameters[i]);
677 31949 : session->record_parameters[i] = NULL;
678 : }
679 :
680 23004 : _gnutls_buffer_clear(&session->internals.handshake_hash_buffer);
681 23004 : _gnutls_buffer_clear(&session->internals.post_handshake_hash_buffer);
682 23004 : _gnutls_buffer_clear(&session->internals.hb_remote_data);
683 23004 : _gnutls_buffer_clear(&session->internals.hb_local_data);
684 23004 : _gnutls_buffer_clear(&session->internals.record_presend_buffer);
685 23004 : _gnutls_buffer_clear(&session->internals.record_key_update_buffer);
686 23004 : _gnutls_buffer_clear(&session->internals.reauth_buffer);
687 :
688 23004 : _mbuffer_head_clear(&session->internals.record_buffer);
689 23004 : _mbuffer_head_clear(&session->internals.record_recv_buffer);
690 23004 : _mbuffer_head_clear(&session->internals.record_send_buffer);
691 :
692 23004 : _mbuffer_head_clear(&session->internals.early_data_recv_buffer);
693 23004 : _gnutls_buffer_clear(&session->internals.early_data_presend_buffer);
694 :
695 23004 : _gnutls_free_datum(&session->internals.resumption_data);
696 23004 : _gnutls_free_datum(&session->internals.dtls.dcookie);
697 :
698 23087 : for (i = 0; i < session->internals.rexts_size; i++)
699 83 : gnutls_free(session->internals.rexts[i].name);
700 23004 : gnutls_free(session->internals.rexts);
701 23004 : gnutls_free(session->internals.post_handshake_cr_context.data);
702 :
703 23004 : gnutls_free(session->internals.rsup);
704 :
705 23004 : gnutls_credentials_clear(session);
706 23004 : _gnutls_selected_certs_deinit(session);
707 :
708 : /* destroy any session ticket we may have received */
709 23004 : tls13_ticket_deinit(&session->internals.tls13_ticket);
710 :
711 : /* we rely on priorities' internal reference counting */
712 23004 : gnutls_priority_deinit(session->internals.priorities);
713 :
714 : /* overwrite any temp TLS1.3 keys */
715 23004 : gnutls_memset(&session->key.proto, 0, sizeof(session->key.proto));
716 :
717 : /* clear session ticket keys */
718 23004 : gnutls_memset(&session->key.session_ticket_key, 0,
719 : TICKET_MASTER_KEY_SIZE);
720 23004 : gnutls_memset(&session->key.previous_ticket_key, 0,
721 : TICKET_MASTER_KEY_SIZE);
722 23004 : gnutls_memset(&session->key.initial_stek, 0,
723 : TICKET_MASTER_KEY_SIZE);
724 :
725 23004 : gnutls_mutex_deinit(&session->internals.post_negotiation_lock);
726 23004 : gnutls_mutex_deinit(&session->internals.epoch_lock);
727 :
728 23004 : gnutls_free(session);
729 : }
730 :
731 2223 : int _gnutls_dh_set_peer_public(gnutls_session_t session, bigint_t public)
732 : {
733 2223 : dh_info_st *dh;
734 2223 : int ret;
735 :
736 2223 : switch (gnutls_auth_get_type(session)) {
737 : case GNUTLS_CRD_ANON:
738 : {
739 104 : anon_auth_info_t info;
740 104 : info = _gnutls_get_auth_info(session, GNUTLS_CRD_ANON);
741 104 : if (info == NULL)
742 0 : return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
743 :
744 104 : dh = &info->dh;
745 104 : break;
746 : }
747 : case GNUTLS_CRD_PSK:
748 : {
749 391 : psk_auth_info_t info;
750 391 : info = _gnutls_get_auth_info(session, GNUTLS_CRD_PSK);
751 391 : if (info == NULL)
752 0 : return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
753 :
754 391 : dh = &info->dh;
755 391 : break;
756 : }
757 : case GNUTLS_CRD_CERTIFICATE:
758 : {
759 1385 : cert_auth_info_t info;
760 :
761 1385 : info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE);
762 1385 : if (info == NULL)
763 0 : return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
764 :
765 1385 : dh = &info->dh;
766 1385 : break;
767 : }
768 : default:
769 343 : return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
770 : }
771 :
772 1880 : if (dh->public_key.data)
773 8 : _gnutls_free_datum(&dh->public_key);
774 :
775 1880 : ret = _gnutls_mpi_dprint_lz(public, &dh->public_key);
776 1880 : if (ret < 0) {
777 0 : gnutls_assert();
778 0 : return ret;
779 : }
780 :
781 : return 0;
782 : }
783 :
784 2388 : int _gnutls_dh_set_secret_bits(gnutls_session_t session, unsigned bits)
785 : {
786 2388 : switch (gnutls_auth_get_type(session)) {
787 : case GNUTLS_CRD_ANON:
788 : {
789 104 : anon_auth_info_t info;
790 104 : info = _gnutls_get_auth_info(session, GNUTLS_CRD_ANON);
791 104 : if (info == NULL)
792 0 : return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
793 104 : info->dh.secret_bits = bits;
794 104 : break;
795 : }
796 : case GNUTLS_CRD_PSK:
797 : {
798 464 : psk_auth_info_t info;
799 464 : info = _gnutls_get_auth_info(session, GNUTLS_CRD_PSK);
800 464 : if (info == NULL)
801 0 : return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
802 464 : info->dh.secret_bits = bits;
803 464 : break;
804 : }
805 : case GNUTLS_CRD_CERTIFICATE:
806 : {
807 1470 : cert_auth_info_t info;
808 :
809 1470 : info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE);
810 1470 : if (info == NULL)
811 0 : return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
812 :
813 1470 : info->dh.secret_bits = bits;
814 1470 : break;
815 : default:
816 350 : return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
817 : }
818 : }
819 :
820 : return 0;
821 : }
822 :
823 : /* Sets the prime and the generator in the auth info structure.
824 : */
825 : int
826 2397 : _gnutls_dh_save_group(gnutls_session_t session, bigint_t gen,
827 : bigint_t prime)
828 : {
829 2397 : dh_info_st *dh;
830 2397 : int ret;
831 :
832 2397 : switch (gnutls_auth_get_type(session)) {
833 : case GNUTLS_CRD_ANON:
834 : {
835 104 : anon_auth_info_t info;
836 104 : info = _gnutls_get_auth_info(session, GNUTLS_CRD_ANON);
837 104 : if (info == NULL)
838 0 : return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
839 :
840 104 : dh = &info->dh;
841 104 : break;
842 : }
843 : case GNUTLS_CRD_PSK:
844 : {
845 469 : psk_auth_info_t info;
846 469 : info = _gnutls_get_auth_info(session, GNUTLS_CRD_PSK);
847 469 : if (info == NULL)
848 0 : return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
849 :
850 469 : dh = &info->dh;
851 469 : break;
852 : }
853 : case GNUTLS_CRD_CERTIFICATE:
854 : {
855 1474 : cert_auth_info_t info;
856 :
857 1474 : info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE);
858 1474 : if (info == NULL)
859 0 : return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
860 :
861 1474 : dh = &info->dh;
862 1474 : break;
863 : }
864 : default:
865 350 : return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
866 : }
867 :
868 2047 : if (dh->prime.data)
869 8 : _gnutls_free_datum(&dh->prime);
870 :
871 2047 : if (dh->generator.data)
872 8 : _gnutls_free_datum(&dh->generator);
873 :
874 : /* prime
875 : */
876 2047 : ret = _gnutls_mpi_dprint_lz(prime, &dh->prime);
877 2047 : if (ret < 0) {
878 0 : gnutls_assert();
879 0 : return ret;
880 : }
881 :
882 : /* generator
883 : */
884 2047 : ret = _gnutls_mpi_dprint_lz(gen, &dh->generator);
885 2047 : if (ret < 0) {
886 0 : gnutls_assert();
887 0 : _gnutls_free_datum(&dh->prime);
888 0 : return ret;
889 : }
890 :
891 : return 0;
892 : }
893 :
894 : /**
895 : * gnutls_certificate_send_x509_rdn_sequence:
896 : * @session: a #gnutls_session_t type.
897 : * @status: is 0 or 1
898 : *
899 : * If status is non zero, this function will order gnutls not to send
900 : * the rdnSequence in the certificate request message. That is the
901 : * server will not advertise its trusted CAs to the peer. If status
902 : * is zero then the default behaviour will take effect, which is to
903 : * advertise the server's trusted CAs.
904 : *
905 : * This function has no effect in clients, and in authentication
906 : * methods other than certificate with X.509 certificates.
907 : **/
908 : void
909 0 : gnutls_certificate_send_x509_rdn_sequence(gnutls_session_t session,
910 : int status)
911 : {
912 0 : session->internals.ignore_rdn_sequence = status;
913 0 : }
914 :
915 : /*-
916 : * _gnutls_record_set_default_version - Used to set the default version for the first record packet
917 : * @session: is a #gnutls_session_t type.
918 : * @major: is a tls major version
919 : * @minor: is a tls minor version
920 : *
921 : * This function sets the default version that we will use in the first
922 : * record packet (client hello). This function is only useful to people
923 : * that know TLS internals and want to debug other implementations.
924 : -*/
925 : void
926 9 : _gnutls_record_set_default_version(gnutls_session_t session,
927 : unsigned char major,
928 : unsigned char minor)
929 : {
930 9 : session->internals.default_record_version[0] = major;
931 9 : session->internals.default_record_version[1] = minor;
932 9 : }
933 :
934 : /*-
935 : * _gnutls_hello_set_default_version - Used to set the default version for the first record packet
936 : * @session: is a #gnutls_session_t type.
937 : * @major: is a tls major version
938 : * @minor: is a tls minor version
939 : *
940 : * This function sets the default version that we will use in the first
941 : * record packet (client hello). This function is only useful to people
942 : * that know TLS internals and want to debug other implementations.
943 : -*/
944 : void
945 15 : _gnutls_hello_set_default_version(gnutls_session_t session,
946 : unsigned char major,
947 : unsigned char minor)
948 : {
949 15 : session->internals.default_hello_version[0] = major;
950 15 : session->internals.default_hello_version[1] = minor;
951 15 : }
952 :
953 : /**
954 : * gnutls_handshake_set_private_extensions:
955 : * @session: is a #gnutls_session_t type.
956 : * @allow: is an integer (0 or 1)
957 : *
958 : * This function will enable or disable the use of private cipher
959 : * suites (the ones that start with 0xFF). By default or if @allow
960 : * is 0 then these cipher suites will not be advertised nor used.
961 : *
962 : * Currently GnuTLS does not include such cipher-suites or
963 : * compression algorithms.
964 : *
965 : * Enabling the private ciphersuites when talking to other than
966 : * gnutls servers and clients may cause interoperability problems.
967 : **/
968 : void
969 10135 : gnutls_handshake_set_private_extensions(gnutls_session_t session,
970 : int allow)
971 : {
972 : /* we have no private extensions */
973 10135 : return;
974 : }
975 :
976 :
977 : /**
978 : * gnutls_session_is_resumed:
979 : * @session: is a #gnutls_session_t type.
980 : *
981 : * Checks whether session is resumed or not. This is functional
982 : * for both server and client side.
983 : *
984 : * Returns: non zero if this session is resumed, or a zero if this is
985 : * a new session.
986 : **/
987 8076 : int gnutls_session_is_resumed(gnutls_session_t session)
988 : {
989 8076 : if (session->security_parameters.entity == GNUTLS_CLIENT) {
990 695 : const version_entry_st *ver = get_version(session);
991 695 : if (ver && ver->tls13_sem &&
992 78 : session->internals.resumed != RESUME_FALSE)
993 : return 1;
994 :
995 644 : if (session->security_parameters.session_id_size > 0 &&
996 : session->security_parameters.session_id_size ==
997 617 : session->internals.resumed_security_parameters.
998 : session_id_size
999 173 : && memcmp(session->security_parameters.session_id,
1000 : session->
1001 173 : internals.resumed_security_parameters.
1002 : session_id,
1003 : session->security_parameters.
1004 : session_id_size) == 0)
1005 115 : return 1;
1006 : } else {
1007 7381 : if (session->internals.resumed != RESUME_FALSE)
1008 914 : return 1;
1009 : }
1010 :
1011 : return 0;
1012 : }
1013 :
1014 : /**
1015 : * gnutls_session_resumption_requested:
1016 : * @session: is a #gnutls_session_t type.
1017 : *
1018 : * Check whether the client has asked for session resumption.
1019 : * This function is valid only on server side.
1020 : *
1021 : * Returns: non zero if session resumption was asked, or a zero if not.
1022 : **/
1023 812 : int gnutls_session_resumption_requested(gnutls_session_t session)
1024 : {
1025 812 : if (session->security_parameters.entity == GNUTLS_CLIENT) {
1026 : return 0;
1027 : } else {
1028 810 : return session->internals.resumption_requested;
1029 : }
1030 : }
1031 :
1032 : /*-
1033 : * _gnutls_session_is_psk - Used to check whether this session uses PSK kx
1034 : * @session: is a #gnutls_session_t type.
1035 : *
1036 : * This function will return non zero if this session uses a PSK key
1037 : * exchange algorithm.
1038 : -*/
1039 6981150 : int _gnutls_session_is_psk(gnutls_session_t session)
1040 : {
1041 6981150 : gnutls_kx_algorithm_t kx;
1042 :
1043 6981150 : kx = session->security_parameters.cs->kx_algorithm;
1044 6981150 : if (kx == GNUTLS_KX_PSK || kx == GNUTLS_KX_DHE_PSK
1045 6981150 : || kx == GNUTLS_KX_RSA_PSK)
1046 150 : return 1;
1047 :
1048 : return 0;
1049 : }
1050 :
1051 : /*-
1052 : * _gnutls_session_is_ecc - Used to check whether this session uses ECC kx
1053 : * @session: is a #gnutls_session_t type.
1054 : *
1055 : * This function will return non zero if this session uses an elliptic
1056 : * curves key exchange exchange algorithm.
1057 : -*/
1058 3275 : int _gnutls_session_is_ecc(gnutls_session_t session)
1059 : {
1060 3275 : gnutls_kx_algorithm_t kx;
1061 :
1062 : /* We get the key exchange algorithm through the ciphersuite because
1063 : * the negotiated key exchange might not have been set yet.
1064 : */
1065 3275 : kx = session->security_parameters.cs->kx_algorithm;
1066 :
1067 3275 : return _gnutls_kx_is_ecc(kx);
1068 : }
1069 :
1070 : /**
1071 : * gnutls_session_get_ptr:
1072 : * @session: is a #gnutls_session_t type.
1073 : *
1074 : * Get user pointer for session. Useful in callbacks. This is the
1075 : * pointer set with gnutls_session_set_ptr().
1076 : *
1077 : * Returns: the user given pointer from the session structure, or
1078 : * %NULL if it was never set.
1079 : **/
1080 1338 : void *gnutls_session_get_ptr(gnutls_session_t session)
1081 : {
1082 1338 : return session->internals.user_ptr;
1083 : }
1084 :
1085 : /**
1086 : * gnutls_session_set_ptr:
1087 : * @session: is a #gnutls_session_t type.
1088 : * @ptr: is the user pointer
1089 : *
1090 : * This function will set (associate) the user given pointer @ptr to
1091 : * the session structure. This pointer can be accessed with
1092 : * gnutls_session_get_ptr().
1093 : **/
1094 10335 : void gnutls_session_set_ptr(gnutls_session_t session, void *ptr)
1095 : {
1096 10335 : session->internals.user_ptr = ptr;
1097 10335 : }
1098 :
1099 : /**
1100 : * gnutls_session_set_verify_function:
1101 : * @session: is a #gnutls_session_t type.
1102 : * @func: is the callback function
1103 : *
1104 : * This function sets a callback to be called when peer's certificate
1105 : * has been received in order to verify it on receipt rather than
1106 : * doing after the handshake is completed. This overrides any callback
1107 : * set using gnutls_certificate_set_verify_function().
1108 : *
1109 : * The callback's function prototype is:
1110 : * int (*callback)(gnutls_session_t);
1111 : *
1112 : * If the callback function is provided then gnutls will call it, in the
1113 : * handshake, just after the certificate message has been received.
1114 : * To verify or obtain the certificate the gnutls_certificate_verify_peers2(),
1115 : * gnutls_certificate_type_get(), gnutls_certificate_get_peers() functions
1116 : * can be used.
1117 : *
1118 : * The callback function should return 0 for the handshake to continue
1119 : * or non-zero to terminate.
1120 : *
1121 : * Since: 3.4.6
1122 : **/
1123 : void
1124 24 : gnutls_session_set_verify_function
1125 : (gnutls_session_t session,
1126 : gnutls_certificate_verify_function * func)
1127 : {
1128 24 : session->internals.verify_callback = func;
1129 24 : }
1130 :
1131 : /**
1132 : * gnutls_record_get_direction:
1133 : * @session: is a #gnutls_session_t type.
1134 : *
1135 : * This function is useful to determine whether a GnuTLS function was interrupted
1136 : * while sending or receiving, so that select() or poll() may be called appropriately.
1137 : *
1138 : * It provides information about the internals of the record
1139 : * protocol and is only useful if a prior gnutls function call,
1140 : * e.g. gnutls_handshake(), was interrupted and returned
1141 : * %GNUTLS_E_INTERRUPTED or %GNUTLS_E_AGAIN. After such an interrupt
1142 : * applications may call select() or poll() before restoring the
1143 : * interrupted GnuTLS function.
1144 : *
1145 : * This function's output is unreliable if you are using the same
1146 : * @session in different threads for sending and receiving.
1147 : *
1148 : * Returns: 0 if interrupted while trying to read data, or 1 while trying to write data.
1149 : **/
1150 274 : int gnutls_record_get_direction(gnutls_session_t session)
1151 : {
1152 274 : return session->internals.direction;
1153 : }
1154 :
1155 : /*-
1156 : * _gnutls_rsa_pms_set_version - Sets a version to be used at the RSA PMS
1157 : * @session: is a #gnutls_session_t type.
1158 : * @major: is the major version to use
1159 : * @minor: is the minor version to use
1160 : *
1161 : * This function will set the given version number to be used at the
1162 : * RSA PMS secret. This is only useful to clients, which want to
1163 : * test server's capabilities.
1164 : -*/
1165 : void
1166 5 : _gnutls_rsa_pms_set_version(gnutls_session_t session,
1167 : unsigned char major, unsigned char minor)
1168 : {
1169 5 : session->internals.rsa_pms_version[0] = major;
1170 5 : session->internals.rsa_pms_version[1] = minor;
1171 5 : }
1172 :
1173 31 : void _gnutls_session_client_cert_type_set(gnutls_session_t session,
1174 : gnutls_certificate_type_t ct)
1175 : {
1176 31 : _gnutls_handshake_log
1177 : ("HSK[%p]: Selected client certificate type %s (%d)\n", session,
1178 : gnutls_certificate_type_get_name(ct), ct);
1179 31 : session->security_parameters.client_ctype = ct;
1180 31 : }
1181 :
1182 72 : void _gnutls_session_server_cert_type_set(gnutls_session_t session,
1183 : gnutls_certificate_type_t ct)
1184 : {
1185 72 : _gnutls_handshake_log
1186 : ("HSK[%p]: Selected server certificate type %s (%d)\n", session,
1187 : gnutls_certificate_type_get_name(ct), ct);
1188 72 : session->security_parameters.server_ctype = ct;
1189 72 : }
1190 :
1191 : /**
1192 : * gnutls_handshake_set_post_client_hello_function:
1193 : * @session: is a #gnutls_session_t type.
1194 : * @func: is the function to be called
1195 : *
1196 : * This function will set a callback to be called after the client
1197 : * hello has been received (callback valid in server side only). This
1198 : * allows the server to adjust settings based on received extensions.
1199 : *
1200 : * Those settings could be ciphersuites, requesting certificate, or
1201 : * anything else except for version negotiation (this is done before
1202 : * the hello message is parsed).
1203 : *
1204 : * This callback must return 0 on success or a gnutls error code to
1205 : * terminate the handshake.
1206 : *
1207 : * Since GnuTLS 3.3.5 the callback is
1208 : * allowed to return %GNUTLS_E_AGAIN or %GNUTLS_E_INTERRUPTED to
1209 : * put the handshake on hold. In that case gnutls_handshake()
1210 : * will return %GNUTLS_E_INTERRUPTED and can be resumed when needed.
1211 : *
1212 : * Warning: You should not use this function to terminate the
1213 : * handshake based on client input unless you know what you are
1214 : * doing. Before the handshake is finished there is no way to know if
1215 : * there is a man-in-the-middle attack being performed.
1216 : **/
1217 : void
1218 226 : gnutls_handshake_set_post_client_hello_function(gnutls_session_t session,
1219 : gnutls_handshake_simple_hook_func func)
1220 : {
1221 226 : session->internals.user_hello_func = func;
1222 226 : }
1223 :
1224 :
1225 : /**
1226 : * gnutls_session_enable_compatibility_mode:
1227 : * @session: is a #gnutls_session_t type.
1228 : *
1229 : * This function can be used to disable certain (security) features in
1230 : * TLS in order to maintain maximum compatibility with buggy
1231 : * clients. Because several trade-offs with security are enabled,
1232 : * if required they will be reported through the audit subsystem.
1233 : *
1234 : * Normally only servers that require maximum compatibility with
1235 : * everything out there, need to call this function.
1236 : *
1237 : * Note that this function must be called after any call to gnutls_priority
1238 : * functions.
1239 : *
1240 : * Since: 2.1.4
1241 : **/
1242 0 : void gnutls_session_enable_compatibility_mode(gnutls_session_t session)
1243 : {
1244 0 : ENABLE_COMPAT(&session->internals);
1245 0 : }
1246 :
1247 : /**
1248 : * gnutls_session_channel_binding:
1249 : * @session: is a #gnutls_session_t type.
1250 : * @cbtype: an #gnutls_channel_binding_t enumeration type
1251 : * @cb: output buffer array with data
1252 : *
1253 : * Extract given channel binding data of the @cbtype (e.g.,
1254 : * %GNUTLS_CB_TLS_UNIQUE) type.
1255 : *
1256 : * Returns: %GNUTLS_E_SUCCESS on success,
1257 : * %GNUTLS_E_UNIMPLEMENTED_FEATURE if the @cbtype is unsupported,
1258 : * %GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE if the data is not
1259 : * currently available, or an error code.
1260 : *
1261 : * Since: 2.12.0
1262 : **/
1263 : int
1264 6046 : gnutls_session_channel_binding(gnutls_session_t session,
1265 : gnutls_channel_binding_t cbtype,
1266 : gnutls_datum_t * cb)
1267 : {
1268 6046 : if (cbtype != GNUTLS_CB_TLS_UNIQUE)
1269 : return GNUTLS_E_UNIMPLEMENTED_FEATURE;
1270 :
1271 6046 : if (!session->internals.initial_negotiation_completed)
1272 : return GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE;
1273 :
1274 6046 : cb->size = session->internals.cb_tls_unique_len;
1275 6046 : cb->data = gnutls_malloc(cb->size);
1276 6046 : if (cb->data == NULL)
1277 : return GNUTLS_E_MEMORY_ERROR;
1278 :
1279 6046 : memcpy(cb->data, session->internals.cb_tls_unique, cb->size);
1280 :
1281 6046 : return 0;
1282 : }
1283 :
1284 : /**
1285 : * gnutls_ecc_curve_get:
1286 : * @session: is a #gnutls_session_t type.
1287 : *
1288 : * Returns the currently used elliptic curve for key exchange. Only valid
1289 : * when using an elliptic curve ciphersuite.
1290 : *
1291 : * Returns: the currently used curve, a #gnutls_ecc_curve_t
1292 : * type.
1293 : *
1294 : * Since: 3.0
1295 : **/
1296 2049 : gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t session)
1297 : {
1298 2049 : const gnutls_group_entry_st *e;
1299 :
1300 2049 : e = get_group(session);
1301 2049 : if (e == NULL || e->curve == 0)
1302 5 : return 0;
1303 : return e->curve;
1304 : }
1305 :
1306 : /**
1307 : * gnutls_group_get:
1308 : * @session: is a #gnutls_session_t type.
1309 : *
1310 : * Returns the currently used group for key exchange. Only valid
1311 : * when using an elliptic curve or DH ciphersuite.
1312 : *
1313 : * Returns: the currently used group, a #gnutls_group_t
1314 : * type.
1315 : *
1316 : * Since: 3.6.0
1317 : **/
1318 4701 : gnutls_group_t gnutls_group_get(gnutls_session_t session)
1319 : {
1320 4701 : const gnutls_group_entry_st *e;
1321 :
1322 4701 : e = get_group(session);
1323 4701 : if (e == NULL)
1324 : return 0;
1325 2940 : return e->id;
1326 : }
1327 :
1328 : /**
1329 : * gnutls_protocol_get_version:
1330 : * @session: is a #gnutls_session_t type.
1331 : *
1332 : * Get TLS version, a #gnutls_protocol_t value.
1333 : *
1334 : * Returns: The version of the currently used protocol.
1335 : **/
1336 6410 : gnutls_protocol_t gnutls_protocol_get_version(gnutls_session_t session)
1337 : {
1338 6410 : return get_num_version(session);
1339 : }
1340 :
1341 : /**
1342 : * gnutls_session_get_random:
1343 : * @session: is a #gnutls_session_t type.
1344 : * @client: the client part of the random
1345 : * @server: the server part of the random
1346 : *
1347 : * This function returns pointers to the client and server
1348 : * random fields used in the TLS handshake. The pointers are
1349 : * not to be modified or deallocated.
1350 : *
1351 : * If a client random value has not yet been established, the output
1352 : * will be garbage.
1353 : *
1354 : * Since: 3.0
1355 : **/
1356 : void
1357 60 : gnutls_session_get_random(gnutls_session_t session,
1358 : gnutls_datum_t * client, gnutls_datum_t * server)
1359 : {
1360 60 : if (client) {
1361 35 : client->data = session->security_parameters.client_random;
1362 35 : client->size =
1363 : sizeof(session->security_parameters.client_random);
1364 : }
1365 :
1366 60 : if (server) {
1367 31 : server->data = session->security_parameters.server_random;
1368 31 : server->size =
1369 : sizeof(session->security_parameters.server_random);
1370 : }
1371 60 : }
1372 :
1373 : /**
1374 : * gnutls_session_get_master_secret:
1375 : * @session: is a #gnutls_session_t type.
1376 : * @secret: the session's master secret
1377 : *
1378 : * This function returns pointers to the master secret
1379 : * used in the TLS session. The pointers are not to be modified or deallocated.
1380 : *
1381 : * This function is only applicable under TLS 1.2 or earlier versions.
1382 : *
1383 : * Since: 3.5.0
1384 : **/
1385 : void
1386 6 : gnutls_session_get_master_secret(gnutls_session_t session, gnutls_datum_t *secret)
1387 : {
1388 6 : secret->data = session->security_parameters.master_secret;
1389 6 : secret->size = sizeof(session->security_parameters.master_secret);
1390 6 : }
1391 :
1392 22435000 : unsigned int timespec_sub_ms(struct timespec *a, struct timespec *b)
1393 : {
1394 22435000 : time_t dsecs;
1395 :
1396 22435000 : dsecs = a->tv_sec - b->tv_sec;
1397 22435000 : if (!INT_MULTIPLY_OVERFLOW(dsecs, 1000)) {
1398 22435000 : return (dsecs*1000 + (a->tv_nsec - b->tv_nsec) / (1000 * 1000));
1399 : } else {
1400 : return UINT_MAX;
1401 : }
1402 : }
1403 :
1404 : /**
1405 : * gnutls_handshake_set_random:
1406 : * @session: is a #gnutls_session_t type.
1407 : * @random: a random value of 32-bytes
1408 : *
1409 : * This function will explicitly set the server or client hello
1410 : * random value in the subsequent TLS handshake. The random value
1411 : * should be a 32-byte value.
1412 : *
1413 : * Note that this function should not normally be used as gnutls
1414 : * will select automatically a random value for the handshake.
1415 : *
1416 : * This function should not be used when resuming a session.
1417 : *
1418 : * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
1419 : *
1420 : * Since 3.1.9
1421 : **/
1422 : int
1423 15 : gnutls_handshake_set_random(gnutls_session_t session,
1424 : const gnutls_datum_t * random)
1425 : {
1426 15 : if (random->size != GNUTLS_RANDOM_SIZE)
1427 : return GNUTLS_E_INVALID_REQUEST;
1428 :
1429 15 : session->internals.sc_random_set = 1;
1430 15 : if (session->security_parameters.entity == GNUTLS_CLIENT)
1431 8 : memcpy(session->internals.resumed_security_parameters.
1432 8 : client_random, random->data, random->size);
1433 : else
1434 7 : memcpy(session->internals.resumed_security_parameters.
1435 7 : server_random, random->data, random->size);
1436 :
1437 : return 0;
1438 : }
1439 :
1440 : /**
1441 : * gnutls_handshake_set_hook_function:
1442 : * @session: is a #gnutls_session_t type
1443 : * @htype: the %gnutls_handshake_description_t of the message to hook at
1444 : * @when: %GNUTLS_HOOK_* depending on when the hook function should be called
1445 : * @func: is the function to be called
1446 : *
1447 : * This function will set a callback to be called after or before the specified
1448 : * handshake message has been received or generated. This is a
1449 : * generalization of gnutls_handshake_set_post_client_hello_function().
1450 : *
1451 : * To call the hook function prior to the message being generated or processed
1452 : * use %GNUTLS_HOOK_PRE as @when parameter, %GNUTLS_HOOK_POST to call
1453 : * after, and %GNUTLS_HOOK_BOTH for both cases.
1454 : *
1455 : * This callback must return 0 on success or a gnutls error code to
1456 : * terminate the handshake.
1457 : *
1458 : * To hook at all handshake messages use an @htype of %GNUTLS_HANDSHAKE_ANY.
1459 : *
1460 : * Warning: You should not use this function to terminate the
1461 : * handshake based on client input unless you know what you are
1462 : * doing. Before the handshake is finished there is no way to know if
1463 : * there is a man-in-the-middle attack being performed.
1464 : **/
1465 : void
1466 219 : gnutls_handshake_set_hook_function(gnutls_session_t session,
1467 : unsigned int htype,
1468 : int when,
1469 : gnutls_handshake_hook_func func)
1470 : {
1471 219 : session->internals.h_hook = func;
1472 219 : session->internals.h_type = htype;
1473 219 : session->internals.h_post = when;
1474 219 : }
1475 :
1476 : /**
1477 : * gnutls_record_get_state:
1478 : * @session: is a #gnutls_session_t type
1479 : * @read: if non-zero the read parameters are returned, otherwise the write
1480 : * @mac_key: the key used for MAC (if a MAC is used)
1481 : * @IV: the initialization vector or nonce used
1482 : * @cipher_key: the cipher key
1483 : * @seq_number: A 64-bit sequence number
1484 : *
1485 : * This function will return the parameters of the current record state.
1486 : * These are only useful to be provided to an external off-loading device
1487 : * or subsystem. The returned values should be considered constant
1488 : * and valid for the lifetime of the session.
1489 : *
1490 : * In that case, to sync the state back you must call gnutls_record_set_state().
1491 : *
1492 : * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
1493 : *
1494 : * Since 3.4.0
1495 : **/
1496 : int
1497 17 : gnutls_record_get_state(gnutls_session_t session,
1498 : unsigned read,
1499 : gnutls_datum_t *mac_key,
1500 : gnutls_datum_t *IV,
1501 : gnutls_datum_t *cipher_key,
1502 : unsigned char seq_number[8])
1503 : {
1504 17 : record_parameters_st *record_params;
1505 17 : record_state_st *record_state;
1506 17 : unsigned int epoch;
1507 17 : int ret;
1508 :
1509 17 : if (read)
1510 : epoch = EPOCH_READ_CURRENT;
1511 : else
1512 9 : epoch = EPOCH_WRITE_CURRENT;
1513 :
1514 17 : ret = _gnutls_epoch_get(session, epoch, &record_params);
1515 17 : if (ret < 0)
1516 0 : return gnutls_assert_val(ret);
1517 :
1518 17 : if (!record_params->initialized)
1519 0 : return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
1520 :
1521 17 : if (read)
1522 8 : record_state = &record_params->read;
1523 : else
1524 9 : record_state = &record_params->write;
1525 :
1526 17 : if (mac_key) {
1527 4 : mac_key->data = record_state->mac_key;
1528 4 : mac_key->size = record_state->mac_key_size;
1529 : }
1530 :
1531 17 : if (IV) {
1532 4 : IV->data = record_state->iv;
1533 4 : IV->size = record_state->iv_size;
1534 : }
1535 :
1536 17 : if (cipher_key) {
1537 4 : cipher_key->data = record_state->key;
1538 4 : cipher_key->size = record_state->key_size;
1539 : }
1540 :
1541 17 : if (seq_number)
1542 17 : _gnutls_write_uint64(record_state->sequence_number, seq_number);
1543 : return 0;
1544 : }
1545 :
1546 : /**
1547 : * gnutls_record_set_state:
1548 : * @session: is a #gnutls_session_t type
1549 : * @read: if non-zero the read parameters are returned, otherwise the write
1550 : * @seq_number: A 64-bit sequence number
1551 : *
1552 : * This function will set the sequence number in the current record state.
1553 : * This function is useful if sending and receiving are offloaded from
1554 : * gnutls. That is, if gnutls_record_get_state() was used.
1555 : *
1556 : * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
1557 : *
1558 : * Since 3.4.0
1559 : **/
1560 : int
1561 9 : gnutls_record_set_state(gnutls_session_t session,
1562 : unsigned read,
1563 : const unsigned char seq_number[8])
1564 : {
1565 9 : record_parameters_st *record_params;
1566 9 : record_state_st *record_state;
1567 9 : int epoch, ret;
1568 :
1569 9 : if (read)
1570 : epoch = EPOCH_READ_CURRENT;
1571 : else
1572 5 : epoch = EPOCH_WRITE_CURRENT;
1573 :
1574 9 : ret = _gnutls_epoch_get(session, epoch, &record_params);
1575 9 : if (ret < 0)
1576 0 : return gnutls_assert_val(ret);
1577 :
1578 9 : if (!record_params->initialized)
1579 0 : return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
1580 :
1581 9 : if (read)
1582 4 : record_state = &record_params->read;
1583 : else
1584 5 : record_state = &record_params->write;
1585 :
1586 9 : record_state->sequence_number = _gnutls_read_uint64(seq_number);
1587 :
1588 9 : if (IS_DTLS(session)) {
1589 4 : _dtls_reset_window(record_params);
1590 : }
1591 :
1592 : return 0;
1593 : }
1594 :
1595 : /**
1596 : * gnutls_session_get_flags:
1597 : * @session: is a #gnutls_session_t type.
1598 : *
1599 : * This function will return a series (ORed) of flags, applicable
1600 : * for the current session.
1601 : *
1602 : * This replaces individual informational functions such as
1603 : * gnutls_safe_renegotiation_status(), gnutls_session_ext_master_secret_status(),
1604 : * etc.
1605 : *
1606 : * Returns: An ORed sequence of flags (see %gnutls_session_flags_t)
1607 : *
1608 : * Since: 3.5.0
1609 : **/
1610 293 : unsigned gnutls_session_get_flags(gnutls_session_t session)
1611 : {
1612 293 : unsigned flags = 0;
1613 :
1614 293 : if (gnutls_safe_renegotiation_status(session))
1615 245 : flags |= GNUTLS_SFLAGS_SAFE_RENEGOTIATION;
1616 293 : if (gnutls_session_ext_master_secret_status(session))
1617 247 : flags |= GNUTLS_SFLAGS_EXT_MASTER_SECRET;
1618 293 : if (gnutls_session_etm_status(session))
1619 31 : flags |= GNUTLS_SFLAGS_ETM;
1620 293 : if (gnutls_heartbeat_allowed(session, GNUTLS_HB_LOCAL_ALLOWED_TO_SEND))
1621 0 : flags |= GNUTLS_SFLAGS_HB_LOCAL_SEND;
1622 293 : if (gnutls_heartbeat_allowed(session, GNUTLS_HB_PEER_ALLOWED_TO_SEND))
1623 0 : flags |= GNUTLS_SFLAGS_HB_PEER_SEND;
1624 293 : if (session->internals.hsk_flags & HSK_FALSE_START_USED)
1625 64 : flags |= GNUTLS_SFLAGS_FALSE_START;
1626 293 : if ((session->internals.hsk_flags & HSK_EARLY_START_USED) &&
1627 23 : (session->internals.flags & GNUTLS_ENABLE_EARLY_START))
1628 10 : flags |= GNUTLS_SFLAGS_EARLY_START;
1629 293 : if (session->internals.hsk_flags & HSK_USED_FFDHE)
1630 78 : flags |= GNUTLS_SFLAGS_RFC7919;
1631 293 : if (session->internals.hsk_flags & HSK_TICKET_RECEIVED)
1632 18 : flags |= GNUTLS_SFLAGS_SESSION_TICKET;
1633 293 : if (session->security_parameters.post_handshake_auth)
1634 11 : flags |= GNUTLS_SFLAGS_POST_HANDSHAKE_AUTH;
1635 293 : if (session->internals.hsk_flags & HSK_EARLY_DATA_ACCEPTED)
1636 3 : flags |= GNUTLS_SFLAGS_EARLY_DATA;
1637 293 : if (session->internals.hsk_flags & HSK_OCSP_REQUESTED)
1638 260 : flags |= GNUTLS_SFLAGS_CLI_REQUESTED_OCSP;
1639 293 : if (session->internals.hsk_flags & HSK_CLIENT_OCSP_REQUESTED)
1640 22 : flags |= GNUTLS_SFLAGS_SERV_REQUESTED_OCSP;
1641 :
1642 293 : return flags;
1643 : }
|